TUCoPS :: SGI :: cert0015.txt

Irix mail 


-----BEGIN PGP SIGNED MESSAGE-----



CA-90:08                       CERT Advisory
                              October 31, 1990
                       IRIX 3.3 & 3.31 /usr/sbin/Mail

- ---------------------------------------------------------------------------

The CERT/CC has received the following report of a vulnerability in
/usr/sbin/Mail, present only in IRIX 3.3 and 3.3.1.  This information was
provided to the CERT/CC by Robert Stephens, of Silicon Graphics Inc.

- ----------------------------------------------------------------------------

DESCRIPTION:
/usr/sbin/Mail can fail to reset its group id to the group id of the caller.
 
IMPACT:
Can allow any user logged onto the system to read any other user's
(including root's) mail.

SOLUTION:
A fixed /usr/sbin/Mail binary has been made available for anonymous ftp
from SGI.COM ([192.48.153.1]).  The correct binary can be found at:

	sgi/Mail/Mail

under the ftp directory.

Note that this binary must be installed with the same group (mail) and
permissions (2755) as your existing 3.3 or 3.3.1 /usr/sbin/Mail.

- --------------------------------------------------------------------------

CONTACT INFORMATION

For further questions, please contact your Silicon Graphics support center
(Geometry Partners HOTLINE number: (800) 345-0222)

- --------------------------------------------------------------------------

Computer Emergency Response Team/Coordination Center (CERT/CC)
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890

Internet E-mail: cert@cert.org
Telephone: 412-268-7090 24-hour hotline: CERT personnel answer
           7:30a.m.-6:00p.m. EST, on call for
           emergencies other hours.

Past advisories and other information are available for anonymous ftp
from cert.org (192.88.209.5).

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMaMwi3VP+x0t4w7BAQFjMgQAiXFV+Dh5WiTIxFsE2uh0Ek9Ec164MCEa
HBB8bSXEy+cSP877mVu4w/1o1eQkNBBw1Wi8ExmNDb5FJgZt/d/vqhjtAf59SOwV
Is6/a+6GyfJFK2LySwlJ/zxajZBGzPov0P1Pd9WsyDg4yUW6rVZFKjb2IkWraUL4
P7jw2Hf2iuQ=
=vulZ
-----END PGP SIGNATURE-----

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH